package com.zhijiaoyun.adapter;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.zhijiaoyun.common.CommonUtils;
import com.zhijiaoyun.common.DsConstant;
import com.zhijiaoyun.common.StringUtils;
import com.zhijiaoyun.model.Admin;
import com.zhijiaoyun.service.IAdminService;
import com.zhijiaoyun.service.IAuthorityService;

/**
 * @author shisfish
 * @date 2017/6/6
 */
public class ManagerInterceptorAdapter extends HandlerInterceptorAdapter {

	@Resource
	private IAdminService adminService;
	
	@Resource
	private IAuthorityService authorityService;

	/**
	 * 不需要拦截的内容
	 */
	public String[] allowUrls;

	public void setAllowUrls(String[] allowUrls) {
		this.allowUrls = allowUrls;
	}

	private String permissionUrl_user = "user";
	private long permissionUrl_userId = 4;
	private String permissionUrl_admin = "admin";
	private long permissionUrl_adminId = 3;
	private String permissionUrl_setting = "setting";
	private long permissionUrl_settingId = 5;
	private String permissionUrl_course = "course";
	private long permissionUrl_courseId = 1;
	private String permissionUrl_news = "news";
	private long permissionUrl_newsId = 2;

	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws IOException {
		
		String requestUrl = request.getRequestURI().replace(request.getContextPath(), "");

		// 如果有允许通过的url 则直接通过
		if (null != allowUrls && allowUrls.length >= 1) {
			for (String url : allowUrls) {
				if (requestUrl.contains(url)) {
					return true;
				}
			}
		}
		Map<String, Object> map = new HashMap<>();
		Object token = request.getParameter("token");
		if (StringUtils.isEmptyObject(token)) {
			map.put(DsConstant.CODE, DsConstant.CODE_TOKEN_LOST);
			map.put(DsConstant.MESSAGE, DsConstant.MESSAGE_TOKEN_LOST);
			CommonUtils.responseOutMap(response, map);
			return false;
		}
		long adminId = CommonUtils.getAdminIdByToken(String.valueOf(token));
		if (adminId == 0) {
			map.put(DsConstant.CODE, DsConstant.CODE_TOKEN_LOST);
			map.put(DsConstant.MESSAGE, DsConstant.MESSAGE_TOKEN_LOST);
			CommonUtils.responseOutMap(response, map);
			return false;
		}
		long authorityId = getAuthorityId(requestUrl);
		boolean isAllowed = adminService.isAllowed(adminId, authorityId);
		if (!isAllowed) {
			map.put(DsConstant.CODE, DsConstant.CODE_AUTHORITY_LOST);
			map.put(DsConstant.MESSAGE, DsConstant.MESSAGE_AUTHORITY_LOST);
			CommonUtils.responseOutMap(response, map);
			return false;
		}
		Admin admin = adminService.getById(adminId);
		if (admin == null) {
			map.put(DsConstant.CODE, DsConstant.CODE_AUTHORITY_LOST);
			map.put(DsConstant.MESSAGE, DsConstant.MESSAGE_AUTHORITY_LOST);
			CommonUtils.responseOutMap(response, map);
			return false;
		}
		request.setAttribute("createUser", admin.getAccount());
		
		return true;
	}
	
	private long getAuthorityId(String requestUrl) {
		long authorityId = 0;
		if (requestUrl.contains(permissionUrl_course)) {
			authorityId = permissionUrl_courseId;
		} else if (requestUrl.contains(permissionUrl_news)) {
			authorityId = permissionUrl_newsId;
		} else if (requestUrl.contains(permissionUrl_admin)) {
			authorityId = permissionUrl_adminId;
		} else if (requestUrl.contains(permissionUrl_user)) {
			authorityId = permissionUrl_userId;
		} else if (requestUrl.contains(permissionUrl_setting)) {
			authorityId = permissionUrl_settingId;
		}
		return authorityId;
	}

	@Override
	public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
			throws Exception {
		
	}

	@Override
	public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
			throws Exception {
	}

}
